Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/nJWPR3ijpZMRJhibKnA2bqIBU-0.roa
File:                     nJWPR3ijpZMRJhibKnA2bqIBU-0.roa (raw, json)
Hash identifier:          hkrTvd6KUmz1EfV2glZ262Azwm8Xx7aPhY3VGefvZcM=
Subject key identifier:   9C:95:8F:47:78:A3:A5:93:11:26:18:9B:2A:70:36:6E:A2:01:53:ED
Certificate issuer:       /CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
Certificate serial:       019EB785FC02773974E27C94E83B134BEA48
Authority key identifier: B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/nJWPR3ijpZMRJhibKnA2bqIBU-0.roa
Signing time:             Thu 11 Jun 2026 16:31:11 +0000
ROA not before:           Thu 11 Jun 2026 16:31:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        43.251.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b7:85:fc:02:77:39:74:e2:7c:94:e8:3b:13:4b:ea:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
        Validity
            Not Before: Jun 11 16:31:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c958f4778a3a5931126189b2a70366ea20153ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ba:cb:d1:20:53:90:70:8f:66:89:89:58:d5:
                    20:ad:f0:de:df:a6:ad:54:d3:ef:05:36:24:d3:72:
                    6d:1f:33:41:e8:19:db:e5:26:ef:64:d0:9a:3a:1f:
                    84:46:f0:43:0f:b5:17:38:25:a9:6f:b7:3a:8f:3e:
                    ba:d8:69:f1:13:5b:43:1d:e1:fe:c4:ce:14:0a:ca:
                    31:a6:3a:6d:4f:82:27:bc:c7:91:44:de:0a:a9:b4:
                    5b:61:76:9e:d3:97:27:ce:6b:9b:55:57:66:de:ee:
                    66:73:54:a9:37:f0:35:32:60:de:3a:f8:3c:a1:c4:
                    97:1b:c2:25:b9:59:5f:aa:6a:d9:e2:59:cd:03:d7:
                    d2:f3:d2:1f:c5:e0:eb:b7:6f:ce:6c:9e:54:55:80:
                    9d:a8:eb:06:45:e2:15:e5:cb:de:78:03:13:44:56:
                    69:46:5f:dc:54:f7:25:0e:7c:44:88:4b:f7:77:a6:
                    54:cf:89:57:cf:d7:d3:ba:5e:88:a0:d5:6d:81:fd:
                    91:88:15:dd:16:b1:80:83:1b:9f:35:02:4c:1e:e1:
                    f5:91:a5:dd:75:c5:7b:9b:fa:7b:41:d9:6c:df:e7:
                    76:a6:b7:39:32:e0:bd:52:cd:ba:a7:9d:80:96:3f:
                    c1:97:68:4d:55:7b:bd:78:2e:0b:c0:71:6c:7a:23:
                    87:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:95:8F:47:78:A3:A5:93:11:26:18:9B:2A:70:36:6E:A2:01:53:ED
            X509v3 Authority Key Identifier:
                keyid:B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/nJWPR3ijpZMRJhibKnA2bqIBU-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.251.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:2b:98:72:e1:f4:6c:51:7b:b0:21:27:27:d6:da:4e:31:10:
         45:12:83:e3:d4:03:c3:6f:cd:49:36:ea:e8:69:76:78:d4:4a:
         fd:6f:94:74:06:3a:f3:16:59:d0:dd:22:b3:76:e1:08:7e:09:
         fc:d5:23:25:03:28:42:dc:7f:c7:e4:99:1b:c4:dd:0b:77:32:
         e8:c5:05:37:74:72:05:80:96:23:c1:56:79:e7:6b:63:a2:07:
         b9:46:8a:73:e8:53:86:7e:a4:01:be:9d:a5:0e:05:b6:53:e1:
         b6:4d:0d:f9:7a:b0:a6:b1:7a:00:32:f4:83:6b:ea:38:c6:4b:
         d4:91:29:28:9a:24:80:58:59:88:55:08:66:3b:3a:ba:2e:c5:
         98:6c:19:a4:d5:54:76:af:06:47:06:ba:d3:4f:93:f7:55:31:
         de:5c:a6:41:ae:83:f4:ea:2b:25:10:3c:3c:4e:0a:3f:ec:f6:
         3b:a5:d5:98:5d:97:3a:63:61:c5:57:be:7e:dc:4c:4b:6b:3b:
         74:ae:07:98:6d:1e:1d:10:a8:45:70:d8:91:53:6c:9c:b8:21:
         51:b9:98:67:33:d7:53:c0:22:79:26:a7:cc:81:ec:a2:a8:4c:
         19:99:47:27:39:63:a5:bf:74:f9:8e:98:88:07:3d:02:55:67:
         ad:2f:93:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ63hfwCdzl04nyU6DsTS+pIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTk5OTg5OWY3NmQyZTJlNGNjZGZjODE3Zjk4NzljZmFj
MDZiYmUwHhcNMjYwNjExMTYzMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzk1OGY0Nzc4YTNhNTkzMTEyNjE4OWIyYTcwMzY2ZWEyMDE1M2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorrL0SBTkHCPZomJWNUgrfDe36at
VNPvBTYk03JtHzNB6Bnb5SbvZNCaOh+ERvBDD7UXOCWpb7c6jz662GnxE1tDHeH+
xM4UCsoxpjptT4InvMeRRN4KqbRbYXae05cnzmubVVdm3u5mc1SpN/A1MmDeOvg8
ocSXG8IluVlfqmrZ4lnNA9fS89IfxeDrt2/ObJ5UVYCdqOsGReIV5cveeAMTRFZp
Rl/cVPclDnxEiEv3d6ZUz4lXz9fTul6IoNVtgf2RiBXdFrGAgxufNQJMHuH1kaXd
dcV7m/p7Qdls3+d2prc5MuC9Us26p52Alj/Bl2hNVXu9eC4LwHFseiOHEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyVj0d4o6WTESYYmypwNm6iAVPtMB8GA1UdIwQY
MBaAFLRZmYmfdtLi5MzfyBf5h5z6wGu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUt
NzM0MjhmOWM3YmZmLzEvbkpXUFIzaWpwWk1SSmhpYktuQTJicUlCVS0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUtNzM0MjhmOWM3YmZm
LzEvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCK/sAMA0G
CSqGSIb3DQEBCwUAA4IBAQBRK5hy4fRsUXuwIScn1tpOMRBFEoPj1APDb81JNuro
aXZ41Er9b5R0BjrzFlnQ3SKzduEIfgn81SMlAyhC3H/H5JkbxN0LdzLoxQU3dHIF
gJYjwVZ552tjoge5Ropz6FOGfqQBvp2lDgW2U+G2TQ35erCmsXoAMvSDa+o4xkvU
kSkomiSAWFmIVQhmOzq6LsWYbBmk1VR2rwZHBrrTT5P3VTHeXKZBroP06islEDw8
Tgo/7PY7pdWYXZc6Y2HFV75+3ExLazt0rgeYbR4dEKhFcNiRU2ycuCFRuZhnM9dT
wCJ5JqfMgeyiqEwZmUcnOWOlv3T5jpiIBz0CVWetL5OS
-----END CERTIFICATE-----